Re: client certificates
From: Shaun Wilde (shaun_wilde_at_nospam.nospam)
Date: Fri, 8 Apr 2005 20:40:58 +0100
Ah - I see - I did wonder if it had to be something like that
since however that I'd like to handle all browsers I'd have to
consider a java applet rather than just an IE solution
Do you know of any examples of these in ActiveX and/or Java?
"Joe Kaplan (MVP - ADSI)" <firstname.lastname@example.org> wrote
in message news:ezF$wX7OFHA.3292@TK2MSFTNGP12.phx.gbl...
> If you want to sign a document, you will need code running on their
> workstation such as an ActiveX control or downloaded .NET control. The
> private key exists only on the user's workstation, not on the server.
> If your code accesses the private key, the user should be prompted for
> password on the key (assuming the key is password protected). I'm not
> if this prompting is cached or not, so you would have to test that. Note
> that since this code will be independent of the web page, your code will
> trigger the request for the key password even if they already entered the
> password to view the page with their client certificate.
> Joe K.
> "Shaun Wilde" <email@example.com> wrote in message
> > #1) I'll give it a try
> > #2) I wish to sign a document - to do so I need to send the data to the
> > users browser - and the client will sign it using their client
> > (if the client ceetificate is protected by a password then the user
> > have to enter the password. Why? It is so if the user leaves their
> > terminal
> > unattended then a malicious user cannot sign it on their behalf as they
> > would not know the password. Security!!
> > I just don't know who to do this.
> > "[MSFT]" <firstname.lastname@example.org> wrote in message
> > news:WJBUjjxOFHA.2944@TK2MSFTNGXA01.phx.gbl...
> >> Hello,
> >> #1) I think IE will display the cached content when you returns and it
> >> doesn't send request to server side. You may disable client cache with:
> >> <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
> >> and
> >> Response.Expire = -1
> >> #2) Can you explain more on this issue? I am not clear that why you
> >> user input the password and why this page cannot be authenticated.
> >> Thanks,
> >> Luke